Hi.
I’m having some networking problems with KVM and pfSense firewall.
Host is Ubuntu 12, KVM version 1.0. pfSense 2.1 RC.
I configured the firewall VM using two e1000 cards. pfSense 2.1 supports VirtIO networking, but doesn’t seem to be that much faster, at least in this version. I tried using an rtl device as WAN, the issue persists.
The main problem is that my TCP connections often time out. I notice this mainly on ssh and smtp: I try an ssh command and it times out, then I reissue the same command one second later and the connection is established immediately. Same for smtp, first mx fails, second one goes perfectly!
I’m not 100% sure this is a KVM issue, but apparently pfSense users on other VM platforms or on physical machines aren’t affected.
Any hint on what I could check?
Thanks.
I add here the relevant configs:
/etc/network/interfaces
[code]
auto br0
iface br0 inet static
    address 10.2.22.195
    netmask 255.255.255.0
    network 10.2.22.0
    broadcast 10.2.22.255
    gateway 10.2.22.1
    dns-nameservers 10.2.22.1
    dns-search domain.it
    bridge-ports eth0
    bridge-fd 0
    bridge-hello 2
    bridge-maxage 12
    bridge-stp off

auto br1
iface br1 inet manual
    bridge-ports eth1
    bridge-fd 0
    bridge-hello 2
    bridge-maxage 12
    bridge-stp off
[/code]
VM definition:
[code]
<domain type='kvm' id='74'>
  <name>pfsense2_1</name>
  <uuid>0dffd074-abc0-2654-22b4-789b1a99f25f</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-1.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/vgobs/pfsense2_1'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </disk>
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <alias name='ide0-1-0'/>
      <address type='drive' controller='0' bus='1' unit='0'/>
    </disk>
    <controller type='ide' index='0'>
      <alias name='ide0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:fa:e1:61'/>
      <source bridge='br0'/>
      <target dev='vnet4'/>
      <model type='e1000'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:75:80:bd'/>
      <source bridge='br1'/>
      <target dev='vnet5'/>
      <model type='e1000'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/3'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/3'>
      <source path='/dev/pts/3'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5904' autoport='yes'/>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='apparmor' relabel='yes'>
    <label>libvirt-0dffd074-abc0-2654-22b4-789b1a99f25f</label>
    <imagelabel>libvirt-0dffd074-abc0-2654-22b4-789b1a99f25f</imagelabel>
  </seclabel>
</domain>
[/code]